> Theo de Raadt wrote:
> > In general, I think -portable's should not add it back without really
> > clear justification. The automatic tunnels are just as risky outside
> > OpenBSD, because their packet filter tools encounter the same
> > difficulty protecting against abuse.
>
> But in this case, using the option is the safer choice, right? So all the
> portable code should be doing this.

Yeah Ted, make it your next holy mission. ImageMagick deals with sockets
by the way. Knock yourself out. And probably 10,000 programs after that!
Great rewards await you in the next life!

> One might argue that even if the option is a nop, it is the correct way to
> write an IPv6 program, and therefore should be done always.

From the beginning we were promised that modifying a program to use
IPv6 only required opening a 2nd socket using AF_INET6.

Then the recipes grew, and grew and grew. It went astray. 10,000
programs don't follow the practice.

If everyone has to follow this practice, then the practice is wrong.

If basically no one follows the practice, then the practice is also wrong.

> I think we should produce an operating system with safe defaults. But it is
> dangerous to write software with implicit dependencies on those defaults.

The IETF recipe reminds me of:

    .section .note.GNU-stack,"",@progbits

Eventually some pain must be felt by the people in a position to force
a change of the default, or their users.
